Here is my config :
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /secured/ {
auth_basic "secured area";
auth_basic_user_file conf/htpasswd;
limit_req zone=one burst=5;
limit_conn addr 1;
}
}
My question is with the nginx auth module should i still need to protect
that area from flooding / ddos or will the auth module denying access be
enough.
Would like to know how well the auth module processes and does compared to
the limit_req or limit_conn module and if i should keep those in my
configuration or remove them since the auth module could be already doing
all the work.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275321,275321#msg-275321